SB2025121720 - Red Hat Enterprise Linux 8 update for kernel

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-48701)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2024-46679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2025-38729)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2025-38718)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2025-38724)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

6) Improper locking (CVE-ID: CVE-2025-39697)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2025-39757)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2023-53213)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the brcmf_get_assoc_ies() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2023-53178)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.

10) Out-of-bounds read (CVE-ID: CVE-2023-53226)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_mgmt_packet() function in drivers/net/wireless/marvell/mwifiex/util.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2023-53297)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the l2cap_disconnect_rsp() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.

12) Race condition (CVE-ID: CVE-2025-39825)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.

13) Buffer overflow (CVE-ID: CVE-2025-39817)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2023-53305)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_le_command_rej() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2022-50367)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_init_always() function in fs/inode.c. A local user can escalate privileges on the system.

16) Improper locking (CVE-ID: CVE-2023-53365)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip6mr_cache_report() function in net/ipv6/ip6mr.c. A local user can perform a denial of service (DoS) attack.

17) NULL pointer dereference (CVE-ID: CVE-2022-50356)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sfb_reset() function in net/sched/sch_sfb.c. A local user can perform a denial of service (DoS) attack.

18) NULL pointer dereference (CVE-ID: CVE-2023-53354)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the skb_segment() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2023-53393)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_get_hw_stats() function in drivers/infiniband/hw/mlx5/counters.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2023-53373)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seqiv_aead_encrypt_complete2() function in crypto/seqiv.c. A local user can escalate privileges on the system.

21) Use-after-free (CVE-ID: CVE-2022-50386)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_create_rsp() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

22) Out-of-bounds read (CVE-ID: CVE-2022-50403)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fs/ext4/ext4.h. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2022-50408)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_netdev_start_xmit() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can escalate privileges on the system.

24) Buffer overflow (CVE-ID: CVE-2022-50410)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.

25) NULL pointer dereference (CVE-ID: CVE-2022-50406)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iomap_writepage_map() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.

26) Use-after-free (CVE-ID: CVE-2025-39864)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cfg80211_update_known_bss() function in net/wireless/scan.c. A local user can escalate privileges on the system.

27) Use-after-free (CVE-ID: CVE-2025-39841)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_nvmet_defer_rcv() function in drivers/scsi/lpfc/lpfc_nvmet.c. A local user can escalate privileges on the system.

28) Improper error handling (CVE-ID: CVE-2025-39883)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

29) Out-of-bounds read (CVE-ID: CVE-2023-53680)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfsd4_decode_compound() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.

30) Resource management error (CVE-ID: CVE-2025-39955)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

31) Use-after-free (CVE-ID: CVE-2025-40186)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2025:23445